DARCA-crypto/fiat bank
Why Banking Security Still Breaks in Real-Life Coercion Scenarios

If a product only knows how to defend against remote attackers, its security model is still incomplete

Most banking security is still designed around one familiar threat model: someone is trying to break into the account remotely. A stolen password. A compromised device. Phishing. An intercepted code. Suspicious login activity from another location.

Banks have spent years getting better at that model.

But real life has another category of risk, and it is much harder to handle at the product level. The app may be opened not because of a hack, but because the user is being forced to open it.

That is exactly where the standard banking security model starts to break.

Because once the user is no longer free in their actions, the usual logic of “confirm login”, “enter the code”, or “pass another verification step” stops solving the real problem. Formally, the account is protected. In practice, the person can still be pressured into revealing balances, opening accounts, or moving deeper into the app.

That is why, in DARCA, we look at this as a separate product problem rather than just another edge case.

Duress Mode is designed for coercion scenarios. Logging in with a second password activates a different display and restriction setup. The interface still looks plausible, but it does not show real balances and does not allow dangerous actions. That matters because, in this kind of situation, the product should not simply fail with an error. It should still behave naturally, but under a different defensive logic.

Panic Lock solves a different part of the problem. It is a fast emergency lock that pushes account recovery into a much stricter mode. Not “deal with it later”, but an immediate switch into a harder defensive state.
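One way to model the two mechanisms just described, as an added example that is not DARCA's code: a login routine that accepts either the normal or the duress password (comparing both hashes every time so the timing of the check does not reveal which one matched), a balance view that returns a decoy in duress sessions, an authorization gate that refuses dangerous actions in that mode, and a panic lock that closes the normal login path entirely. All names, the decoy figure and the sample balances are assumptions for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Mode(Enum):
    NORMAL = "normal"
    DURESS = "duress"          # second password: plausible UI, decoy data, no dangerous actions
    PANIC_LOCKED = "locked"    # emergency lock: ordinary login no longer works at all

DECOY_BALANCE = 4_250        # constructed decoy shown in duress sessions (cents)
DANGEROUS_ACTIONS = {"transfer", "open_account", "raise_limits"}

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

@dataclass
class Account:
    salt: bytes
    normal_hash: bytes
    duress_hash: bytes
    balance: int             # real balance in cents (constructed sample value)
    mode: Mode = Mode.NORMAL

    @classmethod
    def create(cls, normal_pw: str, duress_pw: str, balance: int) -> "Account":
        salt = os.urandom(16)
        return cls(salt, _hash(normal_pw, salt), _hash(duress_pw, salt), balance)

def login(acct: Account, password: str) -> Optional[Mode]:
    """Return the session mode for this password, or None if it matches neither."""
    if acct.mode is Mode.PANIC_LOCKED:
        return None  # only the stricter recovery path (not modelled here) reopens the account
    candidate = _hash(password, acct.salt)
    # Evaluate both comparisons unconditionally so a timing difference cannot
    # tell an observer whether the normal or the duress password was entered.
    is_normal = hmac.compare_digest(candidate, acct.normal_hash)
    is_duress = hmac.compare_digest(candidate, acct.duress_hash)
    return Mode.NORMAL if is_normal else Mode.DURESS if is_duress else None

def visible_balance(acct: Account, mode: Mode) -> int:
    # A duress session never exposes the real figure; it shows a plausible decoy.
    return acct.balance if mode is Mode.NORMAL else DECOY_BALANCE

def authorize(mode: Mode, action: str) -> bool:
    # Duress keeps harmless actions working (so the UI looks normal) but refuses the rest.
    return mode is Mode.NORMAL or (mode is Mode.DURESS and action not in DANGEROUS_ACTIONS)

def panic_lock(acct: Account) -> None:
    acct.mode = Mode.PANIC_LOCKED  # immediate switch into the stricter state
```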

For us, the key point is simple: this is not just “two more security features”. It is an attempt to treat safety as something that has to work not only against digital attacks, but also in situations where the threat is physically close to the user.

That is also why standard banking security often feels incomplete. The market has become reasonably good at defending against remote attackers, but much weaker at designing for coercion. And if that scenario is not handled at the product level, then the security model still leaves one of the ugliest real-world risks outside the system.

A financial product should not only protect the account from being accessed.
It should also know what to do when the user is being forced to open it.

That is the real reason Duress Mode + Panic Lock matters.

1700+ people have already received access to DARCA testing, and we are continuing to open access further.

If you also want to join testing, here is the link:
https://forms.gle/toKvRjDVEheJEddV7

Question for discussion:
Can a banking security model really be called complete if it handles remote attacks well, but still does very little about coercion happening right next to the user?
